2021-10-11 20:58:09 +00:00
|
|
|
---
|
|
|
|
|
- name: 'Moduli: Check if "moduli.not-hardened" already exists'
|
|
|
|
|
stat:
|
|
|
|
|
path: "{{ ssh_hardening_moduli_backup }}"
|
|
|
|
|
register: ssh_hardening_moduli_backup_file
|
|
|
|
|
|
2021-10-12 07:40:00 +00:00
|
|
|
|
2021-10-11 20:58:09 +00:00
|
|
|
- name: 'Moduli: Backup "moduli.not-hardened"'
|
|
|
|
|
shell: 'cp -a {{ ssh_hardening_moduli }} {{ ssh_hardening_moduli_backup }}'
|
|
|
|
|
when: not ssh_hardening_moduli_backup_file.stat.exists
|
|
|
|
|
|
2021-10-12 07:40:00 +00:00
|
|
|
|
2021-10-11 20:58:09 +00:00
|
|
|
- name: 'Moduli: Check for small Diffie-Hellman moduli'
|
2023-11-15 20:07:32 +00:00
|
|
|
shell: "grep -Ec ' 1535 | 2047 ' {{ ssh_hardening_moduli }} || true"
|
2021-10-11 20:58:09 +00:00
|
|
|
changed_when: False
|
|
|
|
|
register: ssh_hardening_moduli_small
|
|
|
|
|
|
2021-10-12 07:40:00 +00:00
|
|
|
|
2021-10-11 20:58:09 +00:00
|
|
|
- name: 'Moduli: Remove small Diffie-Hellman moduli'
|
2023-11-15 20:07:32 +00:00
|
|
|
shell: "TMPF=$(mktemp) && awk '$5 >= 3071' {{ ssh_hardening_moduli }} >${TMPF} && mv ${TMPF} {{ ssh_hardening_moduli }}"
|
2021-10-11 20:58:09 +00:00
|
|
|
when: ssh_hardening_moduli_small.stdout|int > 0
|
|
|
|
|
|
2021-10-12 07:40:00 +00:00
|
|
|
|
